Gentoo Linux Security Advisory 201507-7 - Multiple vulnerabilities have been found in LibVNCServer, the worst of which could result in execution of arbitrary code or Denial of Service. Versions less than 0.9.10-r1 are affected.
366d16a33ddb4170dce53307384a2c9a1c34ebb67784b0e2096ac1d54dd1cce4
Mandriva Linux Security Advisory 2015-146 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes when using the file transfer message feature.
64a585715b6153f060300bd58af5f5fe21c455247b7446666263b01087c63c74
Debian Linux Security Advisory 3081-1 - Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.
0435333bb4a1bb2c642dcc3af7f4b1286f123096c23431478f84f155d7cf6085
Mandriva Linux Security Advisory 2014-229 - A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes when using the file transfer message feature. Additionally libvncserver has been built against the new system minilzo library which is also being provided with this advisory.
59582641be6253489b02c2a056d9dc2e9d78bc1f386ccc42b6724b2908a98685
Red Hat Security Advisory 2014-1826-01 - LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash.
e2c9798857c3d1e03016b0b2c618cd8a2546b36a94835a1ec41c396e9181a3dd
Red Hat Security Advisory 2014-1827-01 - The kdenetwork packages contain networking applications for the K Desktop Environment. Krfb Desktop Sharing, which is a part of the kdenetwork package, is a server application that allows session sharing between users. Krfb uses the LibVNCServer library. A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.
19c5b36078b87b05694e12e9a3ed9002344e57ab24b279a1020435c8ad2bd837
Ubuntu Security Notice 2365-1 - Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. Various other issues were also addressed.
1012981752e63e94c1b4254f2082d30c69adc29f080cd07e6da7f2ca9de5b136
LibVNCServer versions 0.9.9 and below suffer from memory management handling, buffer overflow, and denial of service vulnerabilities.
7119467df020792576889e8a01b9e775d65a326b0070c018b47a7524af569c5b